From owner-svn-src-stable-8@FreeBSD.ORG Sun Dec 11 20:38:37 2011 Return-Path: Delivered-To: svn-src-stable-8@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 377FA1065672; Sun, 11 Dec 2011 20:38:37 +0000 (UTC) (envelope-from des@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 1D78A8FC0A; Sun, 11 Dec 2011 20:38:37 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id pBBKcb2f067990; Sun, 11 Dec 2011 20:38:37 GMT (envelope-from des@svn.freebsd.org) Received: (from des@localhost) by svn.freebsd.org (8.14.4/8.14.4/Submit) id pBBKcaWD067988; Sun, 11 Dec 2011 20:38:37 GMT (envelope-from des@svn.freebsd.org) Message-Id: <201112112038.pBBKcaWD067988@svn.freebsd.org> From: Dag-Erling Smorgrav Date: Sun, 11 Dec 2011 20:38:36 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org X-SVN-Group: stable-8 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r228420 - stable/8/lib/libpam/modules/pam_ssh X-BeenThere: svn-src-stable-8@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for only the 8-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 11 Dec 2011 20:38:37 -0000 Author: des Date: Sun Dec 11 20:38:36 2011 New Revision: 228420 URL: http://svn.freebsd.org/changeset/base/228420 Log: MFH r227757: check for null passphrases, since openssl doesn't Security: prevents users with unencrypted ssh keys (prohibited unless the nullok option is specified) from logging in by providing a bogus non-null passphrase. Modified: stable/8/lib/libpam/modules/pam_ssh/pam_ssh.c Directory Properties: stable/8/lib/libpam/ (props changed) Modified: stable/8/lib/libpam/modules/pam_ssh/pam_ssh.c ============================================================================== --- stable/8/lib/libpam/modules/pam_ssh/pam_ssh.c Sun Dec 11 20:01:37 2011 (r228419) +++ stable/8/lib/libpam/modules/pam_ssh/pam_ssh.c Sun Dec 11 20:38:36 2011 (r228420) @@ -91,7 +91,8 @@ static char *const pam_ssh_agent_envp[] * struct pam_ssh_key containing the key and its comment. */ static struct pam_ssh_key * -pam_ssh_load_key(const char *dir, const char *kfn, const char *passphrase) +pam_ssh_load_key(const char *dir, const char *kfn, const char *passphrase, + int nullok) { struct pam_ssh_key *psk; char fn[PATH_MAX]; @@ -101,7 +102,21 @@ pam_ssh_load_key(const char *dir, const if (snprintf(fn, sizeof(fn), "%s/%s", dir, kfn) > (int)sizeof(fn)) return (NULL); comment = NULL; - key = key_load_private(fn, passphrase, &comment); + /* + * If the key is unencrypted, OpenSSL ignores the passphrase, so + * it will seem like the user typed in the right one. This allows + * a user to circumvent nullok by providing a dummy passphrase. + * Verify that the key really *is* encrypted by trying to load it + * with an empty passphrase, and if the key is not encrypted, + * accept only an empty passphrase. + */ + key = key_load_private(fn, NULL, &comment); + if (key != NULL && !(*passphrase == '\0' && nullok)) { + key_free(key); + return (NULL); + } + if (key == NULL) + key = key_load_private(fn, passphrase, &comment); if (key == NULL) { openpam_log(PAM_LOG_DEBUG, "failed to load key from %s\n", fn); return (NULL); @@ -168,9 +183,6 @@ pam_sm_authenticate(pam_handle_t *pamh, if (pam_err != PAM_SUCCESS) return (pam_err); - if (*passphrase == '\0' && !nullok) - goto skip_keys; - /* switch to user credentials */ pam_err = openpam_borrow_cred(pamh, pwd); if (pam_err != PAM_SUCCESS) @@ -178,7 +190,7 @@ pam_sm_authenticate(pam_handle_t *pamh, /* try to load keys from all keyfiles we know of */ for (kfn = pam_ssh_keyfiles; *kfn != NULL; ++kfn) { - psk = pam_ssh_load_key(pwd->pw_dir, *kfn, passphrase); + psk = pam_ssh_load_key(pwd->pw_dir, *kfn, passphrase, nullok); if (psk != NULL) { pam_set_data(pamh, *kfn, psk, pam_ssh_free_key); ++nkeys; @@ -188,7 +200,6 @@ pam_sm_authenticate(pam_handle_t *pamh, /* switch back to arbitrator credentials */ openpam_restore_cred(pamh); - skip_keys: /* * If we tried an old token and didn't get anything, and * try_first_pass was specified, try again after prompting the From owner-svn-src-stable-8@FreeBSD.ORG Mon Dec 12 17:33:39 2011 Return-Path: Delivered-To: svn-src-stable-8@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 36BB11065675; Mon, 12 Dec 2011 17:33:39 +0000 (UTC) (envelope-from pho@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 239278FC08; Mon, 12 Dec 2011 17:33:39 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id pBCHXdCq011172; Mon, 12 Dec 2011 17:33:39 GMT (envelope-from pho@svn.freebsd.org) Received: (from pho@localhost) by svn.freebsd.org (8.14.4/8.14.4/Submit) id pBCHXcfc011168; Mon, 12 Dec 2011 17:33:38 GMT (envelope-from pho@svn.freebsd.org) Message-Id: <201112121733.pBCHXcfc011168@svn.freebsd.org> From: Peter Holm Date: Mon, 12 Dec 2011 17:33:38 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org X-SVN-Group: stable-8 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r228439 - in stable/8/sys: conf kern sys X-BeenThere: svn-src-stable-8@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for only the 8-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 12 Dec 2011 17:33:39 -0000 Author: pho Date: Mon Dec 12 17:33:38 2011 New Revision: 228439 URL: http://svn.freebsd.org/changeset/base/228439 Log: MFC: r228218, r228219, 228220, 228221 Rename copyin_timeout32 to umtx_copyin_timeout32 and move parameter check here. Include check for negative seconds value. Add umtx_copyin_timeout() and move parameter checks here. Add declaration of umtx_copyin_timeout() Use umtx_copyin_timeout() to copy and check timeout parameteri in kern_thr_suspend(). Modified: stable/8/sys/kern/kern_thr.c stable/8/sys/kern/kern_umtx.c stable/8/sys/sys/umtx.h Directory Properties: stable/8/sys/ (props changed) stable/8/sys/amd64/include/xen/ (props changed) stable/8/sys/cddl/contrib/opensolaris/ (props changed) stable/8/sys/conf/ldscript.mips.octeon1.32 (props changed) stable/8/sys/conf/ldscript.mips.octeon1.64 (props changed) stable/8/sys/contrib/dev/acpica/ (props changed) stable/8/sys/contrib/pf/ (props changed) Modified: stable/8/sys/kern/kern_thr.c ============================================================================== --- stable/8/sys/kern/kern_thr.c Mon Dec 12 13:12:55 2011 (r228438) +++ stable/8/sys/kern/kern_thr.c Mon Dec 12 17:33:38 2011 (r228439) @@ -428,8 +428,7 @@ thr_suspend(struct thread *td, struct th tsp = NULL; if (uap->timeout != NULL) { - error = copyin((const void *)uap->timeout, (void *)&ts, - sizeof(struct timespec)); + error = umtx_copyin_timeout(uap->timeout, &ts); if (error != 0) return (error); tsp = &ts; @@ -445,9 +444,6 @@ kern_thr_suspend(struct thread *td, stru int error = 0, hz = 0; if (tsp != NULL) { - if (tsp->tv_sec < 0 || tsp->tv_nsec < 0 || - tsp->tv_nsec > 1000000000) - return (EINVAL); if (tsp->tv_sec == 0 && tsp->tv_nsec == 0) return (ETIMEDOUT); TIMESPEC_TO_TIMEVAL(&tv, tsp); Modified: stable/8/sys/kern/kern_umtx.c ============================================================================== --- stable/8/sys/kern/kern_umtx.c Mon Dec 12 13:12:55 2011 (r228438) +++ stable/8/sys/kern/kern_umtx.c Mon Dec 12 17:33:38 2011 (r228439) @@ -2740,6 +2740,21 @@ _umtx_unlock(struct thread *td, struct _ return do_unlock_umtx(td, uap->umtx, td->td_tid); } +inline int +umtx_copyin_timeout(const void *addr, struct timespec *tsp) +{ + int error; + + error = copyin(addr, tsp, sizeof(struct timespec)); + if (error == 0) { + if (tsp->tv_sec < 0 || + tsp->tv_nsec >= 1000000000 || + tsp->tv_nsec < 0) + error = EINVAL; + } + return (error); +} + static int __umtx_op_lock_umtx(struct thread *td, struct _umtx_op_args *uap) { @@ -2750,13 +2765,9 @@ __umtx_op_lock_umtx(struct thread *td, s if (uap->uaddr2 == NULL) ts = NULL; else { - error = copyin(uap->uaddr2, &timeout, sizeof(timeout)); + error = umtx_copyin_timeout(uap->uaddr2, &timeout); if (error != 0) return (error); - if (timeout.tv_nsec >= 1000000000 || - timeout.tv_nsec < 0) { - return (EINVAL); - } ts = &timeout; } return (do_lock_umtx(td, uap->obj, uap->val, ts)); @@ -2777,12 +2788,9 @@ __umtx_op_wait(struct thread *td, struct if (uap->uaddr2 == NULL) ts = NULL; else { - error = copyin(uap->uaddr2, &timeout, sizeof(timeout)); + error = umtx_copyin_timeout(uap->uaddr2, &timeout); if (error != 0) return (error); - if (timeout.tv_nsec >= 1000000000 || - timeout.tv_nsec < 0) - return (EINVAL); ts = &timeout; } return do_wait(td, uap->obj, uap->val, ts, 0, 0); @@ -2797,12 +2805,9 @@ __umtx_op_wait_uint(struct thread *td, s if (uap->uaddr2 == NULL) ts = NULL; else { - error = copyin(uap->uaddr2, &timeout, sizeof(timeout)); + error = umtx_copyin_timeout(uap->uaddr2, &timeout); if (error != 0) return (error); - if (timeout.tv_nsec >= 1000000000 || - timeout.tv_nsec < 0) - return (EINVAL); ts = &timeout; } return do_wait(td, uap->obj, uap->val, ts, 1, 0); @@ -2817,12 +2822,9 @@ __umtx_op_wait_uint_private(struct threa if (uap->uaddr2 == NULL) ts = NULL; else { - error = copyin(uap->uaddr2, &timeout, sizeof(timeout)); + error = umtx_copyin_timeout(uap->uaddr2, &timeout); if (error != 0) return (error); - if (timeout.tv_nsec >= 1000000000 || - timeout.tv_nsec < 0) - return (EINVAL); ts = &timeout; } return do_wait(td, uap->obj, uap->val, ts, 1, 1); @@ -2850,14 +2852,9 @@ __umtx_op_lock_umutex(struct thread *td, if (uap->uaddr2 == NULL) ts = NULL; else { - error = copyin(uap->uaddr2, &timeout, - sizeof(timeout)); + error = umtx_copyin_timeout(uap->uaddr2, &timeout); if (error != 0) return (error); - if (timeout.tv_nsec >= 1000000000 || - timeout.tv_nsec < 0) { - return (EINVAL); - } ts = &timeout; } return do_lock_umutex(td, uap->obj, ts, 0); @@ -2879,14 +2876,9 @@ __umtx_op_wait_umutex(struct thread *td, if (uap->uaddr2 == NULL) ts = NULL; else { - error = copyin(uap->uaddr2, &timeout, - sizeof(timeout)); + error = umtx_copyin_timeout(uap->uaddr2, &timeout); if (error != 0) return (error); - if (timeout.tv_nsec >= 1000000000 || - timeout.tv_nsec < 0) { - return (EINVAL); - } ts = &timeout; } return do_lock_umutex(td, uap->obj, ts, _UMUTEX_WAIT); @@ -2920,14 +2912,9 @@ __umtx_op_cv_wait(struct thread *td, str if (uap->uaddr2 == NULL) ts = NULL; else { - error = copyin(uap->uaddr2, &timeout, - sizeof(timeout)); + error = umtx_copyin_timeout(uap->uaddr2, &timeout); if (error != 0) return (error); - if (timeout.tv_nsec >= 1000000000 || - timeout.tv_nsec < 0) { - return (EINVAL); - } ts = &timeout; } return (do_cv_wait(td, uap->obj, uap->uaddr1, ts, uap->val)); @@ -2955,14 +2942,9 @@ __umtx_op_rw_rdlock(struct thread *td, s if (uap->uaddr2 == NULL) { error = do_rw_rdlock(td, uap->obj, uap->val, 0); } else { - error = copyin(uap->uaddr2, &timeout, - sizeof(timeout)); + error = umtx_copyin_timeout(uap->uaddr2, &timeout); if (error != 0) return (error); - if (timeout.tv_nsec >= 1000000000 || - timeout.tv_nsec < 0) { - return (EINVAL); - } error = do_rw_rdlock2(td, uap->obj, uap->val, &timeout); } return (error); @@ -2978,14 +2960,9 @@ __umtx_op_rw_wrlock(struct thread *td, s if (uap->uaddr2 == NULL) { error = do_rw_wrlock(td, uap->obj, 0); } else { - error = copyin(uap->uaddr2, &timeout, - sizeof(timeout)); + error = umtx_copyin_timeout(uap->uaddr2, &timeout); if (error != 0) return (error); - if (timeout.tv_nsec >= 1000000000 || - timeout.tv_nsec < 0) { - return (EINVAL); - } error = do_rw_wrlock2(td, uap->obj, &timeout); } @@ -3051,15 +3028,21 @@ struct timespec32 { }; static inline int -copyin_timeout32(void *addr, struct timespec *tsp) +umtx_copyin_timeout32(void *addr, struct timespec *tsp) { struct timespec32 ts32; int error; error = copyin(addr, &ts32, sizeof(struct timespec32)); if (error == 0) { - tsp->tv_sec = ts32.tv_sec; - tsp->tv_nsec = ts32.tv_nsec; + if (ts32.tv_sec < 0 || + ts32.tv_nsec >= 1000000000 || + ts32.tv_nsec < 0) + error = EINVAL; + else { + tsp->tv_sec = ts32.tv_sec; + tsp->tv_nsec = ts32.tv_nsec; + } } return (error); } @@ -3074,13 +3057,9 @@ __umtx_op_lock_umtx_compat32(struct thre if (uap->uaddr2 == NULL) ts = NULL; else { - error = copyin_timeout32(uap->uaddr2, &timeout); + error = umtx_copyin_timeout32(uap->uaddr2, &timeout); if (error != 0) return (error); - if (timeout.tv_nsec >= 1000000000 || - timeout.tv_nsec < 0) { - return (EINVAL); - } ts = &timeout; } return (do_lock_umtx32(td, uap->obj, uap->val, ts)); @@ -3101,12 +3080,9 @@ __umtx_op_wait_compat32(struct thread *t if (uap->uaddr2 == NULL) ts = NULL; else { - error = copyin_timeout32(uap->uaddr2, &timeout); + error = umtx_copyin_timeout32(uap->uaddr2, &timeout); if (error != 0) return (error); - if (timeout.tv_nsec >= 1000000000 || - timeout.tv_nsec < 0) - return (EINVAL); ts = &timeout; } return do_wait(td, uap->obj, uap->val, ts, 1, 0); @@ -3122,12 +3098,9 @@ __umtx_op_lock_umutex_compat32(struct th if (uap->uaddr2 == NULL) ts = NULL; else { - error = copyin_timeout32(uap->uaddr2, &timeout); + error = umtx_copyin_timeout32(uap->uaddr2, &timeout); if (error != 0) return (error); - if (timeout.tv_nsec >= 1000000000 || - timeout.tv_nsec < 0) - return (EINVAL); ts = &timeout; } return do_lock_umutex(td, uap->obj, ts, 0); @@ -3143,12 +3116,9 @@ __umtx_op_wait_umutex_compat32(struct th if (uap->uaddr2 == NULL) ts = NULL; else { - error = copyin_timeout32(uap->uaddr2, &timeout); + error = umtx_copyin_timeout32(uap->uaddr2, &timeout); if (error != 0) return (error); - if (timeout.tv_nsec >= 1000000000 || - timeout.tv_nsec < 0) - return (EINVAL); ts = &timeout; } return do_lock_umutex(td, uap->obj, ts, _UMUTEX_WAIT); @@ -3164,12 +3134,9 @@ __umtx_op_cv_wait_compat32(struct thread if (uap->uaddr2 == NULL) ts = NULL; else { - error = copyin_timeout32(uap->uaddr2, &timeout); + error = umtx_copyin_timeout32(uap->uaddr2, &timeout); if (error != 0) return (error); - if (timeout.tv_nsec >= 1000000000 || - timeout.tv_nsec < 0) - return (EINVAL); ts = &timeout; } return (do_cv_wait(td, uap->obj, uap->uaddr1, ts, uap->val)); @@ -3185,13 +3152,9 @@ __umtx_op_rw_rdlock_compat32(struct thre if (uap->uaddr2 == NULL) { error = do_rw_rdlock(td, uap->obj, uap->val, 0); } else { - error = copyin_timeout32(uap->uaddr2, &timeout); + error = umtx_copyin_timeout32(uap->uaddr2, &timeout); if (error != 0) return (error); - if (timeout.tv_nsec >= 1000000000 || - timeout.tv_nsec < 0) { - return (EINVAL); - } error = do_rw_rdlock2(td, uap->obj, uap->val, &timeout); } return (error); @@ -3207,13 +3170,9 @@ __umtx_op_rw_wrlock_compat32(struct thre if (uap->uaddr2 == NULL) { error = do_rw_wrlock(td, uap->obj, 0); } else { - error = copyin_timeout32(uap->uaddr2, &timeout); + error = umtx_copyin_timeout32(uap->uaddr2, &timeout); if (error != 0) return (error); - if (timeout.tv_nsec >= 1000000000 || - timeout.tv_nsec < 0) { - return (EINVAL); - } error = do_rw_wrlock2(td, uap->obj, &timeout); } @@ -3229,12 +3188,9 @@ __umtx_op_wait_uint_private_compat32(str if (uap->uaddr2 == NULL) ts = NULL; else { - error = copyin_timeout32(uap->uaddr2, &timeout); + error = umtx_copyin_timeout32(uap->uaddr2, &timeout); if (error != 0) return (error); - if (timeout.tv_nsec >= 1000000000 || - timeout.tv_nsec < 0) - return (EINVAL); ts = &timeout; } return do_wait(td, uap->obj, uap->val, ts, 1, 1); Modified: stable/8/sys/sys/umtx.h ============================================================================== --- stable/8/sys/sys/umtx.h Mon Dec 12 13:12:55 2011 (r228438) +++ stable/8/sys/sys/umtx.h Mon Dec 12 17:33:38 2011 (r228439) @@ -241,6 +241,7 @@ umtx_key_match(const struct umtx_key *k1 k1->info.both.b == k2->info.both.b); } +int umtx_copyin_timeout(const void *, struct timespec *); int umtx_key_get(void *, int, int, struct umtx_key *); void umtx_key_release(struct umtx_key *); struct umtx_q *umtxq_alloc(void); From owner-svn-src-stable-8@FreeBSD.ORG Tue Dec 13 13:02:53 2011 Return-Path: Delivered-To: svn-src-stable-8@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0C18C1065670; Tue, 13 Dec 2011 13:02:53 +0000 (UTC) (envelope-from des@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id EE6488FC0A; Tue, 13 Dec 2011 13:02:52 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id pBDD2q80050895; Tue, 13 Dec 2011 13:02:52 GMT (envelope-from des@svn.freebsd.org) Received: (from des@localhost) by svn.freebsd.org (8.14.4/8.14.4/Submit) id pBDD2qn6050893; Tue, 13 Dec 2011 13:02:52 GMT (envelope-from des@svn.freebsd.org) Message-Id: <201112131302.pBDD2qn6050893@svn.freebsd.org> From: Dag-Erling Smorgrav Date: Tue, 13 Dec 2011 13:02:52 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org X-SVN-Group: stable-8 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r228466 - stable/8/contrib/openpam/lib X-BeenThere: svn-src-stable-8@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for only the 8-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 13 Dec 2011 13:02:53 -0000 Author: des Date: Tue Dec 13 13:02:52 2011 New Revision: 228466 URL: http://svn.freebsd.org/changeset/base/228466 Log: MFH r228384: validate the service name Security: some poorly thought out programs allow the user to specify the service name; this patch makes it harder to trick these programs into loading and executing arbitrary code. Modified: stable/8/contrib/openpam/lib/openpam_configure.c Directory Properties: stable/8/contrib/openpam/ (props changed) Modified: stable/8/contrib/openpam/lib/openpam_configure.c ============================================================================== --- stable/8/contrib/openpam/lib/openpam_configure.c Tue Dec 13 13:02:31 2011 (r228465) +++ stable/8/contrib/openpam/lib/openpam_configure.c Tue Dec 13 13:02:52 2011 (r228466) @@ -285,6 +285,13 @@ openpam_load_chain(pam_handle_t *pamh, size_t len; int r; + /* don't allow to escape from policy_path */ + if (strchr(service, '/')) { + openpam_log(PAM_LOG_ERROR, "invalid service name: %s", + service); + return (-PAM_SYSTEM_ERR); + } + for (path = openpam_policy_path; *path != NULL; ++path) { len = strlen(*path); if ((*path)[len - 1] == '/') { From owner-svn-src-stable-8@FreeBSD.ORG Thu Dec 15 16:39:48 2011 Return-Path: Delivered-To: svn-src-stable-8@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A95391065676; Thu, 15 Dec 2011 16:39:48 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 97AB08FC25; Thu, 15 Dec 2011 16:39:48 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id pBFGdmdV058119; Thu, 15 Dec 2011 16:39:48 GMT (envelope-from jhb@svn.freebsd.org) Received: (from jhb@localhost) by svn.freebsd.org (8.14.4/8.14.4/Submit) id pBFGdmdq058117; Thu, 15 Dec 2011 16:39:48 GMT (envelope-from jhb@svn.freebsd.org) Message-Id: <201112151639.pBFGdmdq058117@svn.freebsd.org> From: John Baldwin Date: Thu, 15 Dec 2011 16:39:48 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org X-SVN-Group: stable-8 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r228534 - stable/8/usr.sbin/mfiutil X-BeenThere: svn-src-stable-8@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for only the 8-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 15 Dec 2011 16:39:48 -0000 Author: jhb Date: Thu Dec 15 16:39:48 2011 New Revision: 228534 URL: http://svn.freebsd.org/changeset/base/228534 Log: MFC 225168: If a drive is not part of the array (i.e. missing) we need to print the new line after the pd state information as well, so move it to the outside of the block. Modified: stable/8/usr.sbin/mfiutil/mfi_show.c Directory Properties: stable/8/usr.sbin/mfiutil/ (props changed) Modified: stable/8/usr.sbin/mfiutil/mfi_show.c ============================================================================== --- stable/8/usr.sbin/mfiutil/mfi_show.c Thu Dec 15 15:17:19 2011 (r228533) +++ stable/8/usr.sbin/mfiutil/mfi_show.c Thu Dec 15 16:39:48 2011 (r228534) @@ -335,8 +335,8 @@ show_config(int ac, char **av) mfi_pdstate(ar->pd[j].fw_state)); else print_pd(&pinfo, -1); - printf("\n"); } + printf("\n"); } p += config->array_size; } From owner-svn-src-stable-8@FreeBSD.ORG Fri Dec 16 12:53:16 2011 Return-Path: Delivered-To: svn-src-stable-8@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 004E5106564A; Fri, 16 Dec 2011 12:53:15 +0000 (UTC) (envelope-from pho@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id E283A8FC08; Fri, 16 Dec 2011 12:53:15 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id pBGCrFeg007555; Fri, 16 Dec 2011 12:53:15 GMT (envelope-from pho@svn.freebsd.org) Received: (from pho@localhost) by svn.freebsd.org (8.14.4/8.14.4/Submit) id pBGCrF5C007553; Fri, 16 Dec 2011 12:53:15 GMT (envelope-from pho@svn.freebsd.org) Message-Id: <201112161253.pBGCrF5C007553@svn.freebsd.org> From: Peter Holm Date: Fri, 16 Dec 2011 12:53:15 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org X-SVN-Group: stable-8 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r228573 - in stable/8/sys: conf kern X-BeenThere: svn-src-stable-8@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for only the 8-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 16 Dec 2011 12:53:16 -0000 Author: pho Date: Fri Dec 16 12:53:15 2011 New Revision: 228573 URL: http://svn.freebsd.org/changeset/base/228573 Log: MFC: r228360 Move cpu_set_upcall(newtd, td) up before the first call of thread_free(newtd). This to avoid a possible page fault in cpu_thread_clean() as seen on amd64 with syscall fuzzing. Modified: stable/8/sys/kern/kern_thr.c Directory Properties: stable/8/sys/ (props changed) stable/8/sys/amd64/include/xen/ (props changed) stable/8/sys/cddl/contrib/opensolaris/ (props changed) stable/8/sys/conf/ldscript.mips.octeon1.32 (props changed) stable/8/sys/conf/ldscript.mips.octeon1.64 (props changed) stable/8/sys/contrib/dev/acpica/ (props changed) stable/8/sys/contrib/pf/ (props changed) Modified: stable/8/sys/kern/kern_thr.c ============================================================================== --- stable/8/sys/kern/kern_thr.c Fri Dec 16 12:42:02 2011 (r228572) +++ stable/8/sys/kern/kern_thr.c Fri Dec 16 12:53:15 2011 (r228573) @@ -188,6 +188,8 @@ create_thread(struct thread *td, mcontex if (newtd == NULL) return (ENOMEM); + cpu_set_upcall(newtd, td); + /* * Try the copyout as soon as we allocate the td so we don't * have to tear things down in a failure case below. @@ -215,8 +217,6 @@ create_thread(struct thread *td, mcontex newtd->td_proc = td->td_proc; newtd->td_ucred = crhold(td->td_ucred); - cpu_set_upcall(newtd, td); - if (ctx != NULL) { /* old way to set user context */ error = set_mcontext(newtd, ctx); if (error != 0) {